package com.niodata.dp.core.security;

import com.niodata.dp.core.resource.ResourceType;
import java.util.List;

/**
 * basic resource security manager. grant、revoke access to user or group.
 */
public interface ResourceSecurityManager {


  void grantAccess(ResourceAuth resourceAuth);

  void revokeAccess(ResourceAuth resourceAuth);

  /**
   * 授权一个组的所有用户权限.
   *
   * @param resId resource info
   * @param groupId group info
   * @param accessType access type
   */
  void grantGroupAccess(String resId, long groupId, String accessType);

  /**
   * 授权一个组的所有用户权限.
   *
   * @param resId resource info
   * @param groupIds group infos
   * @param accessType access type
   */
  void grantGroupAccess(String resId, List<Long> groupIds, String accessType);

  /**
   * 授权一个用户对应的权限.
   *
   * @param resId resource info
   * @param userId user info
   * @param accessType access type
   */
  void grantUserAccess(String resId, long userId, String accessType);

  /**
   * 授权一个用户对应的权限.
   *
   * @param resId resource info
   * @param userIds user infos
   * @param accessType access type
   */
  void grantUserAccess(String resId, List<Long> userIds, String accessType);

  /**
   * 回收一个组对应的权限.
   *
   * @param resId resource info.
   * @param groupId group info
   * @param accessType access type
   */
  void revokeGroupAccess(String resId, long groupId, String accessType);

  /**
   * 回收用户指定的权限.
   *
   * @param resId resource info
   * @param userId user info
   * @param accessType access type
   */
  void revokeUserAccess(String resId, long userId, String accessType);

  /**
   * 向任何用户打开指定权限.
   *
   * @param resId resource info
   * @param accessType access type
   */
  void grantAccessToAnyUser(String resId, String accessType);

  /**
   * 取消所有用户指定的权限.
   *
   * @param resId resource info
   * @param accessType access type
   */
  void revokeAccessFromAnyUser(String resId, String accessType);

  /**
   * 获取组权限资源.
   *
   * @param groupId group id
   * @param resourceType resource type
   */
  List<ResourceAuth> getGroupAuthorizedRes(long groupId, ResourceType resourceType);


  /**
   * 获取组权限资源.
   *
   * @param groupId group id
   * @param resourceType resource type
   * @param accessType access type
   */
  List<ResourceAuth> getGroupAuthorizedRes(long groupId, ResourceType resourceType,
        String accessType);


  /**
   * 获取用户授权的全部资源,包含由组权限传递给用户的权限.
   *
   * @param userId user id
   * @param resourceType resource type
   */
  List<ResourceAuth> getUserAuthorizedRes(long userId, ResourceType resourceType);

  /**
   * 获取用户指定权限类型的全部资源,包含由组权限传递给用户的权限.
   *
   * @param userId user id
   * @param resourceType resource type
   */
  List<ResourceAuth> getUserAuthorizedRes(long userId, ResourceType resourceType,
        String accessType);

  /**
   * 获取用户对指定资源的授权列表.
   *
   * @param userId user id
   * @param resId resource id
   * @return list of resource auth
   */
  List<ResourceAuth> getUserResourceAuthOfResource(long userId, String resId);


  /**
   * get resource authorized targets.
   *
   * @param resId resource id
   * @param targetType target type
   */
  List<ResourceAuth> getResAuthorizedTargets(String resId, String targetType);

  /**
   * 用户具有管理权限的授权资源列表.
   *
   * @param userId userid
   * @param resourceType resource type
   * @return resource list
   */
  List<ResourceAuth> getUseManagedResAuth(long userId, ResourceType resourceType,
        String targetType, String targetId, int offset, int count);

  boolean isResourceManagedByUser(long userId, String resId);

}

